
Summary
This detection rule identifies unauthorized login attempts against FTP services hosted by OpenCanary. OpenCanary is a low-interaction honeypot framework that simulates common services so that connections to them can be detected and analyzed; since no legitimate client has any reason to authenticate to a honeypot, every login attempt it records deserves attention. FTP (File Transfer Protocol) is a frequently targeted service for unauthorized access, and this rule monitors and alerts on such attempts, improving visibility into anomalous activity on the network. The detection relies on OpenCanary's logging and matches log entries whose logtype is 2000, the value OpenCanary assigns to an FTP login attempt. Security analysts should review these alerts together with the context the OpenCanary framework provides in order to distinguish legitimate traffic from potentially harmful access attempts. The rule is tagged with the relevant ATT&CK tactics, Initial Access and Exfiltration, which makes it a useful addition to any security monitoring strategy that covers FTP services.
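The following is an added example, not code from the rule page or from the OpenCanary project, showing the detection logic described above run over constructed OpenCanary-style log lines. It assumes OpenCanary's default one-JSON-object-per-line log format with the fields logtype, src_host, dst_port, node_id, utc_time and logdata (holding USERNAME and PASSWORD); the only logtype value it relies on is 2000, taken from the page, and every other value is simply treated as "not an FTP login attempt". The sample log, including the deliberately malformed line, is constructed for this example.

```python
"""Detect OpenCanary FTP login attempts (logtype 2000) in JSON-per-line logs.

Added example; not part of the rule page or the OpenCanary project. Field names
are assumptions based on OpenCanary's default JSON log format.
"""
import json
from collections import Counter

FTP_LOGIN_ATTEMPT = 2000  # logtype the page names for an FTP login attempt

# Constructed sample log (not real OpenCanary output). Line 2 uses a non-2000
# logtype and must be ignored; line 3 is malformed on purpose to exercise the
# parser's error handling.
SAMPLE_LOG = """\
{"dst_host": "10.0.0.5", "dst_port": 21, "logdata": {"USERNAME": "admin", "PASSWORD": "hunter2"}, "logtype": 2000, "node_id": "canary-1", "src_host": "10.0.0.77", "src_port": 51234, "utc_time": "2024-03-08 10:15:22.000000"}
{"dst_host": "10.0.0.5", "dst_port": 22, "logdata": {"USERNAME": "root", "PASSWORD": "toor"}, "logtype": 4002, "node_id": "canary-1", "src_host": "10.0.0.77", "src_port": 51240, "utc_time": "2024-03-08 10:15:25.000000"}
this line is not JSON and must not crash the detector
{"dst_host": "10.0.0.5", "dst_port": 21, "logdata": {"USERNAME": "ftp", "PASSWORD": "ftp"}, "logtype": 2000, "node_id": "canary-1", "src_host": "10.0.0.77", "src_port": 51250, "utc_time": "2024-03-08 10:15:30.000000"}
{"dst_host": "10.0.0.5", "dst_port": 21, "logdata": {"USERNAME": "backup", "PASSWORD": "backup123"}, "logtype": 2000, "node_id": "canary-1", "src_host": "192.168.1.20", "src_port": 40000, "utc_time": "2024-03-08 11:02:10.000000"}
"""


def parse_event(line):
    """Parse one log line into a dict; return None for blank or malformed lines."""
    line = line.strip()
    if not line:
        return None
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    return event if isinstance(event, dict) else None


def is_ftp_login_attempt(event):
    """The rule's core condition: logtype equals 2000."""
    return event.get("logtype") == FTP_LOGIN_ATTEMPT


def ftp_login_alerts(log_text):
    """Run the detection over a whole log and return one alert dict per match.

    The alert keeps the context an analyst needs for triage: which honeypot
    node fired, the source host, the targeted port and the submitted username.
    """
    alerts = []
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None or not is_ftp_login_attempt(event):
            continue
        logdata = event.get("logdata") or {}
        alerts.append({
            "time": event.get("utc_time"),
            "node_id": event.get("node_id"),
            "src_host": event.get("src_host"),
            "dst_port": event.get("dst_port"),
            "username": logdata.get("USERNAME"),
            "rule": "OpenCanary FTP login attempt (logtype 2000)",
        })
    return alerts


def attempts_by_source(alerts):
    """Count alerts per source host; repeated hits from one host suggest a scan."""
    return Counter(a["src_host"] for a in alerts)


if __name__ == "__main__":
    found = ftp_login_alerts(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print("attempts per source:", dict(attempts_by_source(found)))
```

The detector deliberately tolerates malformed lines rather than raising, because a single bad line in a log shipper's output should not silence the rule for everything that follows; the per-source count is the natural next step when turning single-event alerts into a scan-detection signal.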
Categories
- Network
- Endpoint
- Linux
- Cloud
- Infrastructure
Data Sources
- Application Log
Created: 2024-03-08